Machine learning models and dimensionality reduction for improving the Android malware detection

Today, a great number of attack opportunities for cybercriminals arise in Android, since it is one of the most used operating systems for many mobile applications. Hence, it is very important to anticipate these situations. To minimize this problem, the analysis of malware search applications is based on machine learning algorithms. Our work uses as a starting point the features proposed by the DREBIN project, which today constitutes a key reference in the literature, being the largest public Android malware dataset with labeled families. The authors only employ the support vector machine to determine whether a sample is malware or not. This work first proposes a new efficient dimensionality reduction of features, as well as the application of several supervised machine learning algorithms for prediction purposes. Predictive models based on Random Forest are found to achieve the most promising results. They can detect an average of 91.72% malware samples, with a very low false positive rate of 0.13%, and using only 5,000 features. This is just over 9% of the total number of features of DREBIN. It achieves an accuracy of 99.52%, a total precision of 96.91%, as well as a macro average F1-score of 96.99%.